diff options
Diffstat (limited to 'bcpkix/src/main/java/org/bouncycastle/cert/crmf')
31 files changed, 0 insertions, 3123 deletions
diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/AuthenticatorControl.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/AuthenticatorControl.java deleted file mode 100644 index 3cb7f47..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/AuthenticatorControl.java +++ /dev/null @@ -1,57 +0,0 @@ -package org.bouncycastle.cert.crmf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DERUTF8String; -import org.bouncycastle.asn1.crmf.CRMFObjectIdentifiers; - -/** - * Carrier for an authenticator control. - */ -public class AuthenticatorControl - implements Control -{ - private static final ASN1ObjectIdentifier type = CRMFObjectIdentifiers.id_regCtrl_authenticator; - - private final DERUTF8String token; - - /** - * Basic constructor - build from a UTF-8 string representing the token. - * - * @param token UTF-8 string representing the token. - */ - public AuthenticatorControl(DERUTF8String token) - { - this.token = token; - } - - /** - * Basic constructor - build from a string representing the token. - * - * @param token string representing the token. - */ - public AuthenticatorControl(String token) - { - this.token = new DERUTF8String(token); - } - - /** - * Return the type of this control. - * - * @return CRMFObjectIdentifiers.id_regCtrl_authenticator - */ - public ASN1ObjectIdentifier getType() - { - return type; - } - - /** - * Return the token associated with this control (a UTF8String). - * - * @return a UTF8String. - */ - public ASN1Encodable getValue() - { - return token; - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/CRMFException.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/CRMFException.java deleted file mode 100644 index 8ea6ecd..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/CRMFException.java +++ /dev/null @@ -1,19 +0,0 @@ -package org.bouncycastle.cert.crmf; - -public class CRMFException - extends Exception -{ - private Throwable cause; - - public CRMFException(String msg, Throwable cause) - { - super(msg); - - this.cause = cause; - } - - public Throwable getCause() - { - return cause; - } -}
\ No newline at end of file diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/CRMFRuntimeException.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/CRMFRuntimeException.java deleted file mode 100644 index 89d6a53..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/CRMFRuntimeException.java +++ /dev/null @@ -1,19 +0,0 @@ -package org.bouncycastle.cert.crmf; - -public class CRMFRuntimeException - extends RuntimeException -{ - private Throwable cause; - - public CRMFRuntimeException(String msg, Throwable cause) - { - super(msg); - - this.cause = cause; - } - - public Throwable getCause() - { - return cause; - } -}
\ No newline at end of file diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/CRMFUtil.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/CRMFUtil.java deleted file mode 100644 index f314a95..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/CRMFUtil.java +++ /dev/null @@ -1,42 +0,0 @@ -package org.bouncycastle.cert.crmf; - -import java.io.IOException; -import java.io.OutputStream; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DEROutputStream; -import org.bouncycastle.asn1.x509.ExtensionsGenerator; -import org.bouncycastle.cert.CertIOException; - -class CRMFUtil -{ - static void derEncodeToStream(ASN1Encodable obj, OutputStream stream) - { - DEROutputStream dOut = new DEROutputStream(stream); - - try - { - dOut.writeObject(obj); - - dOut.close(); - } - catch (IOException e) - { - throw new CRMFRuntimeException("unable to DER encode object: " + e.getMessage(), e); - } - } - - static void addExtension(ExtensionsGenerator extGenerator, ASN1ObjectIdentifier oid, boolean isCritical, ASN1Encodable value) - throws CertIOException - { - try - { - extGenerator.addExtension(oid, isCritical, value); - } - catch (IOException e) - { - throw new CertIOException("cannot encode extension: " + e.getMessage(), e); - } - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/CertificateRequestMessage.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/CertificateRequestMessage.java deleted file mode 100644 index b07b1d6..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/CertificateRequestMessage.java +++ /dev/null @@ -1,311 +0,0 @@ -package org.bouncycastle.cert.crmf; - -import java.io.IOException; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.DERUTF8String; -import org.bouncycastle.asn1.crmf.AttributeTypeAndValue; -import org.bouncycastle.asn1.crmf.CRMFObjectIdentifiers; -import org.bouncycastle.asn1.crmf.CertReqMsg; -import org.bouncycastle.asn1.crmf.CertTemplate; -import org.bouncycastle.asn1.crmf.Controls; -import org.bouncycastle.asn1.crmf.PKIArchiveOptions; -import org.bouncycastle.asn1.crmf.PKMACValue; -import org.bouncycastle.asn1.crmf.POPOSigningKey; -import org.bouncycastle.asn1.crmf.ProofOfPossession; -import org.bouncycastle.cert.CertIOException; -import org.bouncycastle.operator.ContentVerifier; -import org.bouncycastle.operator.ContentVerifierProvider; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.util.Encodable; - -/** - * Carrier for a CRMF CertReqMsg. - */ -public class CertificateRequestMessage - implements Encodable -{ - public static final int popRaVerified = ProofOfPossession.TYPE_RA_VERIFIED; - public static final int popSigningKey = ProofOfPossession.TYPE_SIGNING_KEY; - public static final int popKeyEncipherment = ProofOfPossession.TYPE_KEY_ENCIPHERMENT; - public static final int popKeyAgreement = ProofOfPossession.TYPE_KEY_AGREEMENT; - - private final CertReqMsg certReqMsg; - private final Controls controls; - - private static CertReqMsg parseBytes(byte[] encoding) - throws IOException - { - try - { - return CertReqMsg.getInstance(ASN1Primitive.fromByteArray(encoding)); - } - catch (ClassCastException e) - { - throw new CertIOException("malformed data: " + e.getMessage(), e); - } - catch (IllegalArgumentException e) - { - throw new CertIOException("malformed data: " + e.getMessage(), e); - } - } - - /** - * Create a CertificateRequestMessage from the passed in bytes. - * - * @param certReqMsg BER/DER encoding of the CertReqMsg structure. - * @throws IOException in the event of corrupted data, or an incorrect structure. - */ - public CertificateRequestMessage(byte[] certReqMsg) - throws IOException - { - this(parseBytes(certReqMsg)); - } - - public CertificateRequestMessage(CertReqMsg certReqMsg) - { - this.certReqMsg = certReqMsg; - this.controls = certReqMsg.getCertReq().getControls(); - } - - /** - * Return the underlying ASN.1 object defining this CertificateRequestMessage object. - * - * @return a CertReqMsg. - */ - public CertReqMsg toASN1Structure() - { - return certReqMsg; - } - - /** - * Return the certificate template contained in this message. - * - * @return a CertTemplate structure. - */ - public CertTemplate getCertTemplate() - { - return this.certReqMsg.getCertReq().getCertTemplate(); - } - - /** - * Return whether or not this request has control values associated with it. - * - * @return true if there are control values present, false otherwise. - */ - public boolean hasControls() - { - return controls != null; - } - - /** - * Return whether or not this request has a specific type of control value. - * - * @param type the type OID for the control value we are checking for. - * @return true if a control value of type is present, false otherwise. - */ - public boolean hasControl(ASN1ObjectIdentifier type) - { - return findControl(type) != null; - } - - /** - * Return a control value of the specified type. - * - * @param type the type OID for the control value we are checking for. - * @return the control value if present, null otherwise. - */ - public Control getControl(ASN1ObjectIdentifier type) - { - AttributeTypeAndValue found = findControl(type); - - if (found != null) - { - if (found.getType().equals(CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions)) - { - return new PKIArchiveControl(PKIArchiveOptions.getInstance(found.getValue())); - } - if (found.getType().equals(CRMFObjectIdentifiers.id_regCtrl_regToken)) - { - return new RegTokenControl(DERUTF8String.getInstance(found.getValue())); - } - if (found.getType().equals(CRMFObjectIdentifiers.id_regCtrl_authenticator)) - { - return new AuthenticatorControl(DERUTF8String.getInstance(found.getValue())); - } - } - - return null; - } - - private AttributeTypeAndValue findControl(ASN1ObjectIdentifier type) - { - if (controls == null) - { - return null; - } - - AttributeTypeAndValue[] tAndVs = controls.toAttributeTypeAndValueArray(); - AttributeTypeAndValue found = null; - - for (int i = 0; i != tAndVs.length; i++) - { - if (tAndVs[i].getType().equals(type)) - { - found = tAndVs[i]; - break; - } - } - - return found; - } - - /** - * Return whether or not this request message has a proof-of-possession field in it. - * - * @return true if proof-of-possession is present, false otherwise. - */ - public boolean hasProofOfPossession() - { - return this.certReqMsg.getPopo() != null; - } - - /** - * Return the type of the proof-of-possession this request message provides. - * - * @return one of: popRaVerified, popSigningKey, popKeyEncipherment, popKeyAgreement - */ - public int getProofOfPossessionType() - { - return this.certReqMsg.getPopo().getType(); - } - - /** - * Return whether or not the proof-of-possession (POP) is of the type popSigningKey and - * it has a public key MAC associated with it. - * - * @return true if POP is popSigningKey and a PKMAC is present, false otherwise. - */ - public boolean hasSigningKeyProofOfPossessionWithPKMAC() - { - ProofOfPossession pop = certReqMsg.getPopo(); - - if (pop.getType() == popSigningKey) - { - POPOSigningKey popoSign = POPOSigningKey.getInstance(pop.getObject()); - - return popoSign.getPoposkInput().getPublicKeyMAC() != null; - } - - return false; - } - - /** - * Return whether or not a signing key proof-of-possession (POP) is valid. - * - * @param verifierProvider a provider that can produce content verifiers for the signature contained in this POP. - * @return true if the POP is valid, false otherwise. - * @throws CRMFException if there is a problem in verification or content verifier creation. - * @throws IllegalStateException if POP not appropriate. - */ - public boolean isValidSigningKeyPOP(ContentVerifierProvider verifierProvider) - throws CRMFException, IllegalStateException - { - ProofOfPossession pop = certReqMsg.getPopo(); - - if (pop.getType() == popSigningKey) - { - POPOSigningKey popoSign = POPOSigningKey.getInstance(pop.getObject()); - - if (popoSign.getPoposkInput() != null && popoSign.getPoposkInput().getPublicKeyMAC() != null) - { - throw new IllegalStateException("verification requires password check"); - } - - return verifySignature(verifierProvider, popoSign); - } - else - { - throw new IllegalStateException("not Signing Key type of proof of possession"); - } - } - - /** - * Return whether or not a signing key proof-of-possession (POP), with an associated PKMAC, is valid. - * - * @param verifierProvider a provider that can produce content verifiers for the signature contained in this POP. - * @param macBuilder a suitable PKMACBuilder to create the MAC verifier. - * @param password the password used to key the MAC calculation. - * @return true if the POP is valid, false otherwise. - * @throws CRMFException if there is a problem in verification or content verifier creation. - * @throws IllegalStateException if POP not appropriate. - */ - public boolean isValidSigningKeyPOP(ContentVerifierProvider verifierProvider, PKMACBuilder macBuilder, char[] password) - throws CRMFException, IllegalStateException - { - ProofOfPossession pop = certReqMsg.getPopo(); - - if (pop.getType() == popSigningKey) - { - POPOSigningKey popoSign = POPOSigningKey.getInstance(pop.getObject()); - - if (popoSign.getPoposkInput() == null || popoSign.getPoposkInput().getSender() != null) - { - throw new IllegalStateException("no PKMAC present in proof of possession"); - } - - PKMACValue pkMAC = popoSign.getPoposkInput().getPublicKeyMAC(); - PKMACValueVerifier macVerifier = new PKMACValueVerifier(macBuilder); - - if (macVerifier.isValid(pkMAC, password, this.getCertTemplate().getPublicKey())) - { - return verifySignature(verifierProvider, popoSign); - } - - return false; - } - else - { - throw new IllegalStateException("not Signing Key type of proof of possession"); - } - } - - private boolean verifySignature(ContentVerifierProvider verifierProvider, POPOSigningKey popoSign) - throws CRMFException - { - ContentVerifier verifier; - - try - { - verifier = verifierProvider.get(popoSign.getAlgorithmIdentifier()); - } - catch (OperatorCreationException e) - { - throw new CRMFException("unable to create verifier: " + e.getMessage(), e); - } - - if (popoSign.getPoposkInput() != null) - { - CRMFUtil.derEncodeToStream(popoSign.getPoposkInput(), verifier.getOutputStream()); - } - else - { - CRMFUtil.derEncodeToStream(certReqMsg.getCertReq(), verifier.getOutputStream()); - } - - return verifier.verify(popoSign.getSignature().getBytes()); - } - - /** - * Return the ASN.1 encoding of the certReqMsg we wrap. - * - * @return a byte array containing the binary encoding of the certReqMsg. - * @throws IOException if there is an exception creating the encoding. - */ - public byte[] getEncoded() - throws IOException - { - return certReqMsg.getEncoded(); - } -}
\ No newline at end of file diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/CertificateRequestMessageBuilder.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/CertificateRequestMessageBuilder.java deleted file mode 100644 index aa48235..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/CertificateRequestMessageBuilder.java +++ /dev/null @@ -1,279 +0,0 @@ -package org.bouncycastle.cert.crmf; - -import java.math.BigInteger; -import java.util.ArrayList; -import java.util.Date; -import java.util.Iterator; -import java.util.List; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1EncodableVector; -import org.bouncycastle.asn1.ASN1Integer; -import org.bouncycastle.asn1.ASN1Null; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.DERSequence; -import org.bouncycastle.asn1.crmf.AttributeTypeAndValue; -import org.bouncycastle.asn1.crmf.CertReqMsg; -import org.bouncycastle.asn1.crmf.CertRequest; -import org.bouncycastle.asn1.crmf.CertTemplate; -import org.bouncycastle.asn1.crmf.CertTemplateBuilder; -import org.bouncycastle.asn1.crmf.OptionalValidity; -import org.bouncycastle.asn1.crmf.POPOPrivKey; -import org.bouncycastle.asn1.crmf.ProofOfPossession; -import org.bouncycastle.asn1.crmf.SubsequentMessage; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.ExtensionsGenerator; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x509.Time; -import org.bouncycastle.cert.CertIOException; -import org.bouncycastle.operator.ContentSigner; - -public class CertificateRequestMessageBuilder -{ - private final BigInteger certReqId; - - private ExtensionsGenerator extGenerator; - private CertTemplateBuilder templateBuilder; - private List controls; - private ContentSigner popSigner; - private PKMACBuilder pkmacBuilder; - private char[] password; - private GeneralName sender; - private POPOPrivKey popoPrivKey; - private ASN1Null popRaVerified; - - public CertificateRequestMessageBuilder(BigInteger certReqId) - { - this.certReqId = certReqId; - - this.extGenerator = new ExtensionsGenerator(); - this.templateBuilder = new CertTemplateBuilder(); - this.controls = new ArrayList(); - } - - public CertificateRequestMessageBuilder setPublicKey(SubjectPublicKeyInfo publicKey) - { - if (publicKey != null) - { - templateBuilder.setPublicKey(publicKey); - } - - return this; - } - - public CertificateRequestMessageBuilder setIssuer(X500Name issuer) - { - if (issuer != null) - { - templateBuilder.setIssuer(issuer); - } - - return this; - } - - public CertificateRequestMessageBuilder setSubject(X500Name subject) - { - if (subject != null) - { - templateBuilder.setSubject(subject); - } - - return this; - } - - public CertificateRequestMessageBuilder setSerialNumber(BigInteger serialNumber) - { - if (serialNumber != null) - { - templateBuilder.setSerialNumber(new ASN1Integer(serialNumber)); - } - - return this; - } - - /** - * Request a validity period for the certificate. Either, but not both, of the date parameters may be null. - * - * @param notBeforeDate not before date for certificate requested. - * @param notAfterDate not after date for the certificate requested. - * - * @return the current builder. - */ - public CertificateRequestMessageBuilder setValidity(Date notBeforeDate, Date notAfterDate) - { - templateBuilder.setValidity(new OptionalValidity(createTime(notBeforeDate), createTime(notAfterDate))); - - return this; - } - - private Time createTime(Date date) - { - if (date != null) - { - return new Time(date); - } - - return null; - } - - public CertificateRequestMessageBuilder addExtension( - ASN1ObjectIdentifier oid, - boolean critical, - ASN1Encodable value) - throws CertIOException - { - CRMFUtil.addExtension(extGenerator, oid, critical, value); - - return this; - } - - public CertificateRequestMessageBuilder addExtension( - ASN1ObjectIdentifier oid, - boolean critical, - byte[] value) - { - extGenerator.addExtension(oid, critical, value); - - return this; - } - - public CertificateRequestMessageBuilder addControl(Control control) - { - controls.add(control); - - return this; - } - - public CertificateRequestMessageBuilder setProofOfPossessionSigningKeySigner(ContentSigner popSigner) - { - if (popoPrivKey != null || popRaVerified != null) - { - throw new IllegalStateException("only one proof of possession allowed"); - } - - this.popSigner = popSigner; - - return this; - } - - public CertificateRequestMessageBuilder setProofOfPossessionSubsequentMessage(SubsequentMessage msg) - { - if (popSigner != null || popRaVerified != null) - { - throw new IllegalStateException("only one proof of possession allowed"); - } - - this.popoPrivKey = new POPOPrivKey(msg); - - return this; - } - - public CertificateRequestMessageBuilder setProofOfPossessionRaVerified() - { - if (popSigner != null || popoPrivKey != null) - { - throw new IllegalStateException("only one proof of possession allowed"); - } - - this.popRaVerified = DERNull.INSTANCE; - - return this; - } - - public CertificateRequestMessageBuilder setAuthInfoPKMAC(PKMACBuilder pkmacBuilder, char[] password) - { - this.pkmacBuilder = pkmacBuilder; - this.password = password; - - return this; - } - - public CertificateRequestMessageBuilder setAuthInfoSender(X500Name sender) - { - return setAuthInfoSender(new GeneralName(sender)); - } - - public CertificateRequestMessageBuilder setAuthInfoSender(GeneralName sender) - { - this.sender = sender; - - return this; - } - - public CertificateRequestMessage build() - throws CRMFException - { - ASN1EncodableVector v = new ASN1EncodableVector(); - - v.add(new ASN1Integer(certReqId)); - - if (!extGenerator.isEmpty()) - { - templateBuilder.setExtensions(extGenerator.generate()); - } - - v.add(templateBuilder.build()); - - if (!controls.isEmpty()) - { - ASN1EncodableVector controlV = new ASN1EncodableVector(); - - for (Iterator it = controls.iterator(); it.hasNext();) - { - Control control = (Control)it.next(); - - controlV.add(new AttributeTypeAndValue(control.getType(), control.getValue())); - } - - v.add(new DERSequence(controlV)); - } - - CertRequest request = CertRequest.getInstance(new DERSequence(v)); - - v = new ASN1EncodableVector(); - - v.add(request); - - if (popSigner != null) - { - CertTemplate template = request.getCertTemplate(); - - if (template.getSubject() == null || template.getPublicKey() == null) - { - SubjectPublicKeyInfo pubKeyInfo = request.getCertTemplate().getPublicKey(); - ProofOfPossessionSigningKeyBuilder builder = new ProofOfPossessionSigningKeyBuilder(pubKeyInfo); - - if (sender != null) - { - builder.setSender(sender); - } - else - { - PKMACValueGenerator pkmacGenerator = new PKMACValueGenerator(pkmacBuilder); - - builder.setPublicKeyMac(pkmacGenerator, password); - } - - v.add(new ProofOfPossession(builder.build(popSigner))); - } - else - { - ProofOfPossessionSigningKeyBuilder builder = new ProofOfPossessionSigningKeyBuilder(request); - - v.add(new ProofOfPossession(builder.build(popSigner))); - } - } - else if (popoPrivKey != null) - { - v.add(new ProofOfPossession(ProofOfPossession.TYPE_KEY_ENCIPHERMENT, popoPrivKey)); - } - else if (popRaVerified != null) - { - v.add(new ProofOfPossession()); - } - - return new CertificateRequestMessage(CertReqMsg.getInstance(new DERSequence(v))); - } -}
\ No newline at end of file diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/Control.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/Control.java deleted file mode 100644 index f86f8a0..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/Control.java +++ /dev/null @@ -1,24 +0,0 @@ -package org.bouncycastle.cert.crmf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; - -/** - * Generic interface for a CertificateRequestMessage control value. - */ -public interface Control -{ - /** - * Return the type of this control. - * - * @return an ASN1ObjectIdentifier representing the type. - */ - ASN1ObjectIdentifier getType(); - - /** - * Return the value contained in this control object. - * - * @return the value of the control. - */ - ASN1Encodable getValue(); -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/EncryptedValueBuilder.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/EncryptedValueBuilder.java deleted file mode 100644 index 55187b5..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/EncryptedValueBuilder.java +++ /dev/null @@ -1,133 +0,0 @@ -package org.bouncycastle.cert.crmf; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.OutputStream; - -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.crmf.EncryptedValue; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.operator.KeyWrapper; -import org.bouncycastle.operator.OperatorException; -import org.bouncycastle.operator.OutputEncryptor; -import org.bouncycastle.util.Strings; - -/** - * Builder for EncryptedValue structures. - */ -public class EncryptedValueBuilder -{ - private KeyWrapper wrapper; - private OutputEncryptor encryptor; - private EncryptedValuePadder padder; - - /** - * Create a builder that makes EncryptedValue structures. - * - * @param wrapper a wrapper for key used to encrypt the actual data contained in the EncryptedValue. - * @param encryptor an output encryptor to encrypt the actual data contained in the EncryptedValue. - */ - public EncryptedValueBuilder(KeyWrapper wrapper, OutputEncryptor encryptor) - { - this(wrapper, encryptor, null); - } - - /** - * Create a builder that makes EncryptedValue structures with fixed length blocks padded using the passed in padder. - * - * @param wrapper a wrapper for key used to encrypt the actual data contained in the EncryptedValue. - * @param encryptor an output encryptor to encrypt the actual data contained in the EncryptedValue. - * @param padder a padder to ensure that the EncryptedValue created will always be a constant length. - */ - public EncryptedValueBuilder(KeyWrapper wrapper, OutputEncryptor encryptor, EncryptedValuePadder padder) - { - this.wrapper = wrapper; - this.encryptor = encryptor; - this.padder = padder; - } - - /** - * Build an EncryptedValue structure containing the passed in pass phrase. - * - * @param revocationPassphrase a revocation pass phrase. - * @return an EncryptedValue containing the encrypted pass phrase. - * @throws CRMFException on a failure to encrypt the data, or wrap the symmetric key for this value. - */ - public EncryptedValue build(char[] revocationPassphrase) - throws CRMFException - { - return encryptData(padData(Strings.toUTF8ByteArray(revocationPassphrase))); - } - - /** - * Build an EncryptedValue structure containing the certificate contained in - * the passed in holder. - * - * @param holder a holder containing a certificate. - * @return an EncryptedValue containing the encrypted certificate. - * @throws CRMFException on a failure to encrypt the data, or wrap the symmetric key for this value. - */ - public EncryptedValue build(X509CertificateHolder holder) - throws CRMFException - { - try - { - return encryptData(padData(holder.getEncoded())); - } - catch (IOException e) - { - throw new CRMFException("cannot encode certificate: " + e.getMessage(), e); - } - } - - private EncryptedValue encryptData(byte[] data) - throws CRMFException - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - OutputStream eOut = encryptor.getOutputStream(bOut); - - try - { - eOut.write(data); - - eOut.close(); - } - catch (IOException e) - { - throw new CRMFException("cannot process data: " + e.getMessage(), e); - } - - AlgorithmIdentifier intendedAlg = null; - AlgorithmIdentifier symmAlg = encryptor.getAlgorithmIdentifier(); - DERBitString encSymmKey; - - try - { - wrapper.generateWrappedKey(encryptor.getKey()); - encSymmKey = new DERBitString(wrapper.generateWrappedKey(encryptor.getKey())); - } - catch (OperatorException e) - { - throw new CRMFException("cannot wrap key: " + e.getMessage(), e); - } - - AlgorithmIdentifier keyAlg = wrapper.getAlgorithmIdentifier(); - ASN1OctetString valueHint = null; - DERBitString encValue = new DERBitString(bOut.toByteArray()); - - return new EncryptedValue(intendedAlg, symmAlg, encSymmKey, keyAlg, valueHint, encValue); - } - - private byte[] padData(byte[] data) - { - if (padder != null) - { - return padder.getPaddedData(data); - } - - return data; - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/EncryptedValuePadder.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/EncryptedValuePadder.java deleted file mode 100644 index 41ca866..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/EncryptedValuePadder.java +++ /dev/null @@ -1,24 +0,0 @@ -package org.bouncycastle.cert.crmf; - -/** - * An encrypted value padder is used to make sure that prior to a value been - * encrypted the data is padded to a standard length. - */ -public interface EncryptedValuePadder -{ - /** - * Return a byte array of padded data. - * - * @param data the data to be padded. - * @return a padded byte array containing data. - */ - byte[] getPaddedData(byte[] data); - - /** - * Return a byte array of with padding removed. - * - * @param paddedData the data to be padded. - * @return an array containing the original unpadded data. - */ - byte[] getUnpaddedData(byte[] paddedData); -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/EncryptedValueParser.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/EncryptedValueParser.java deleted file mode 100644 index 6c0aa87..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/EncryptedValueParser.java +++ /dev/null @@ -1,103 +0,0 @@ -package org.bouncycastle.cert.crmf; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.io.InputStream; - -import org.bouncycastle.asn1.crmf.EncryptedValue; -import org.bouncycastle.asn1.x509.Certificate; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.operator.InputDecryptor; -import org.bouncycastle.util.Strings; -import org.bouncycastle.util.io.Streams; - -/** - * Parser for EncryptedValue structures. - */ -public class EncryptedValueParser -{ - private EncryptedValue value; - private EncryptedValuePadder padder; - - /** - * Basic constructor - create a parser to read the passed in value. - * - * @param value the value to be parsed. - */ - public EncryptedValueParser(EncryptedValue value) - { - this.value = value; - } - - /** - * Create a parser to read the passed in value, assuming the padder was - * applied to the data prior to encryption. - * - * @param value the value to be parsed. - * @param padder the padder to be used to remove padding from the decrypted value.. - */ - public EncryptedValueParser(EncryptedValue value, EncryptedValuePadder padder) - { - this.value = value; - this.padder = padder; - } - - private byte[] decryptValue(ValueDecryptorGenerator decGen) - throws CRMFException - { - if (value.getIntendedAlg() != null) - { - throw new UnsupportedOperationException(); - } - if (value.getValueHint() != null) - { - throw new UnsupportedOperationException(); - } - - InputDecryptor decryptor = decGen.getValueDecryptor(value.getKeyAlg(), - value.getSymmAlg(), value.getEncSymmKey().getBytes()); - InputStream dataIn = decryptor.getInputStream(new ByteArrayInputStream( - value.getEncValue().getBytes())); - try - { - byte[] data = Streams.readAll(dataIn); - - if (padder != null) - { - return padder.getUnpaddedData(data); - } - - return data; - } - catch (IOException e) - { - throw new CRMFException("Cannot parse decrypted data: " + e.getMessage(), e); - } - } - - /** - * Read a X.509 certificate. - * - * @param decGen the decryptor generator to decrypt the encrypted value. - * @return an X509CertificateHolder containing the certificate read. - * @throws CRMFException if the decrypted data cannot be parsed, or a decryptor cannot be generated. - */ - public X509CertificateHolder readCertificateHolder(ValueDecryptorGenerator decGen) - throws CRMFException - { - return new X509CertificateHolder(Certificate.getInstance(decryptValue(decGen))); - } - - /** - * Read a pass phrase. - * - * @param decGen the decryptor generator to decrypt the encrypted value. - * @return a pass phrase as recovered from the encrypted value. - * @throws CRMFException if the decrypted data cannot be parsed, or a decryptor cannot be generated. - */ - public char[] readPassphrase(ValueDecryptorGenerator decGen) - throws CRMFException - { - return Strings.fromUTF8ByteArray(decryptValue(decGen)).toCharArray(); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/PKIArchiveControl.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/PKIArchiveControl.java deleted file mode 100644 index 7bc9957..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/PKIArchiveControl.java +++ /dev/null @@ -1,104 +0,0 @@ -package org.bouncycastle.cert.crmf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.cms.CMSObjectIdentifiers; -import org.bouncycastle.asn1.cms.ContentInfo; -import org.bouncycastle.asn1.cms.EnvelopedData; -import org.bouncycastle.asn1.crmf.CRMFObjectIdentifiers; -import org.bouncycastle.asn1.crmf.EncryptedKey; -import org.bouncycastle.asn1.crmf.PKIArchiveOptions; -import org.bouncycastle.cms.CMSEnvelopedData; -import org.bouncycastle.cms.CMSException; - -/** - * Carrier for a PKIArchiveOptions structure. - */ -public class PKIArchiveControl - implements Control -{ - public static final int encryptedPrivKey = PKIArchiveOptions.encryptedPrivKey; - public static final int keyGenParameters = PKIArchiveOptions.keyGenParameters; - public static final int archiveRemGenPrivKey = PKIArchiveOptions.archiveRemGenPrivKey; - - private static final ASN1ObjectIdentifier type = CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions; - - private final PKIArchiveOptions pkiArchiveOptions; - - /** - * Basic constructor - build from an PKIArchiveOptions structure. - * - * @param pkiArchiveOptions the ASN.1 structure that will underlie this control. - */ - public PKIArchiveControl(PKIArchiveOptions pkiArchiveOptions) - { - this.pkiArchiveOptions = pkiArchiveOptions; - } - - /** - * Return the type of this control. - * - * @return CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions - */ - public ASN1ObjectIdentifier getType() - { - return type; - } - - /** - * Return the underlying ASN.1 object. - * - * @return a PKIArchiveOptions structure. - */ - public ASN1Encodable getValue() - { - return pkiArchiveOptions; - } - - /** - * Return the archive control type, one of: encryptedPrivKey,keyGenParameters,or archiveRemGenPrivKey. - * - * @return the archive control type. - */ - public int getArchiveType() - { - return pkiArchiveOptions.getType(); - } - - /** - * Return whether this control contains enveloped data. - * - * @return true if the control contains enveloped data, false otherwise. - */ - public boolean isEnvelopedData() - { - EncryptedKey encKey = EncryptedKey.getInstance(pkiArchiveOptions.getValue()); - - return !encKey.isEncryptedValue(); - } - - /** - * Return the enveloped data structure contained in this control. - * - * @return a CMSEnvelopedData object. - */ - public CMSEnvelopedData getEnvelopedData() - throws CRMFException - { - try - { - EncryptedKey encKey = EncryptedKey.getInstance(pkiArchiveOptions.getValue()); - EnvelopedData data = EnvelopedData.getInstance(encKey.getValue()); - - return new CMSEnvelopedData(new ContentInfo(CMSObjectIdentifiers.envelopedData, data)); - } - catch (CMSException e) - { - throw new CRMFException("CMS parsing error: " + e.getMessage(), e.getCause()); - } - catch (Exception e) - { - throw new CRMFException("CRMF parsing error: " + e.getMessage(), e); - } - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/PKIArchiveControlBuilder.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/PKIArchiveControlBuilder.java deleted file mode 100644 index 9edf75c..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/PKIArchiveControlBuilder.java +++ /dev/null @@ -1,78 +0,0 @@ -package org.bouncycastle.cert.crmf; - -import java.io.IOException; - -import org.bouncycastle.asn1.cms.EnvelopedData; -import org.bouncycastle.asn1.crmf.CRMFObjectIdentifiers; -import org.bouncycastle.asn1.crmf.EncKeyWithID; -import org.bouncycastle.asn1.crmf.EncryptedKey; -import org.bouncycastle.asn1.crmf.PKIArchiveOptions; -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.cms.CMSEnvelopedData; -import org.bouncycastle.cms.CMSEnvelopedDataGenerator; -import org.bouncycastle.cms.CMSException; -import org.bouncycastle.cms.CMSProcessableByteArray; -import org.bouncycastle.cms.RecipientInfoGenerator; -import org.bouncycastle.operator.OutputEncryptor; - -/** - * Builder for a PKIArchiveControl structure. - */ -public class PKIArchiveControlBuilder -{ - private CMSEnvelopedDataGenerator envGen; - private CMSProcessableByteArray keyContent; - - /** - * Basic constructor - specify the contents of the PKIArchiveControl structure. - * - * @param privateKeyInfo the private key to be archived. - * @param generalName the general name to be associated with the private key. - */ - public PKIArchiveControlBuilder(PrivateKeyInfo privateKeyInfo, GeneralName generalName) - { - EncKeyWithID encKeyWithID = new EncKeyWithID(privateKeyInfo, generalName); - - try - { - this.keyContent = new CMSProcessableByteArray(CRMFObjectIdentifiers.id_ct_encKeyWithID, encKeyWithID.getEncoded()); - } - catch (IOException e) - { - throw new IllegalStateException("unable to encode key and general name info"); - } - - this.envGen = new CMSEnvelopedDataGenerator(); - } - - /** - * Add a recipient generator to this control. - * - * @param recipientGen recipient generator created for a specific recipient. - * @return this builder object. - */ - public PKIArchiveControlBuilder addRecipientGenerator(RecipientInfoGenerator recipientGen) - { - envGen.addRecipientInfoGenerator(recipientGen); - - return this; - } - - /** - * Build the PKIArchiveControl using the passed in encryptor to encrypt its contents. - * - * @param contentEncryptor a suitable content encryptor. - * @return a PKIArchiveControl object. - * @throws CMSException in the event the build fails. - */ - public PKIArchiveControl build(OutputEncryptor contentEncryptor) - throws CMSException - { - CMSEnvelopedData envContent = envGen.generate(keyContent, contentEncryptor); - - EnvelopedData envD = EnvelopedData.getInstance(envContent.toASN1Structure().getContent()); - - return new PKIArchiveControl(new PKIArchiveOptions(new EncryptedKey(envD))); - } -}
\ No newline at end of file diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/PKMACBuilder.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/PKMACBuilder.java deleted file mode 100644 index abbdaed..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/PKMACBuilder.java +++ /dev/null @@ -1,199 +0,0 @@ -package org.bouncycastle.cert.crmf; - -import java.io.ByteArrayOutputStream; -import java.io.OutputStream; -import java.security.SecureRandom; - -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.cmp.CMPObjectIdentifiers; -import org.bouncycastle.asn1.cmp.PBMParameter; -import org.bouncycastle.asn1.iana.IANAObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.MacCalculator; -import org.bouncycastle.operator.RuntimeOperatorException; -import org.bouncycastle.util.Strings; - -public class PKMACBuilder -{ - private AlgorithmIdentifier owf; - private int iterationCount; - private AlgorithmIdentifier mac; - private int saltLength = 20; - private SecureRandom random; - private PKMACValuesCalculator calculator; - private PBMParameter parameters; - private int maxIterations; - - public PKMACBuilder(PKMACValuesCalculator calculator) - { - this(new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1), 1000, new AlgorithmIdentifier(IANAObjectIdentifiers.hmacSHA1, DERNull.INSTANCE), calculator); - } - - /** - * Create a PKMAC builder enforcing a ceiling on the maximum iteration count. - * - * @param calculator supporting calculator - * @param maxIterations max allowable value for iteration count. - */ - public PKMACBuilder(PKMACValuesCalculator calculator, int maxIterations) - { - this.maxIterations = maxIterations; - this.calculator = calculator; - } - - private PKMACBuilder(AlgorithmIdentifier hashAlgorithm, int iterationCount, AlgorithmIdentifier macAlgorithm, PKMACValuesCalculator calculator) - { - this.owf = hashAlgorithm; - this.iterationCount = iterationCount; - this.mac = macAlgorithm; - this.calculator = calculator; - } - - /** - * Set the salt length in octets. - * - * @param saltLength length in octets of the salt to be generated. - * @return the generator - */ - public PKMACBuilder setSaltLength(int saltLength) - { - if (saltLength < 8) - { - throw new IllegalArgumentException("salt length must be at least 8 bytes"); - } - - this.saltLength = saltLength; - - return this; - } - - public PKMACBuilder setIterationCount(int iterationCount) - { - if (iterationCount < 100) - { - throw new IllegalArgumentException("iteration count must be at least 100"); - } - checkIterationCountCeiling(iterationCount); - - this.iterationCount = iterationCount; - - return this; - } - - public PKMACBuilder setSecureRandom(SecureRandom random) - { - this.random = random; - - return this; - } - - public PKMACBuilder setParameters(PBMParameter parameters) - { - checkIterationCountCeiling(parameters.getIterationCount().getValue().intValue()); - - this.parameters = parameters; - - return this; - } - - public MacCalculator build(char[] password) - throws CRMFException - { - if (parameters != null) - { - return genCalculator(parameters, password); - } - else - { - byte[] salt = new byte[saltLength]; - - if (random == null) - { - this.random = new SecureRandom(); - } - - random.nextBytes(salt); - - return genCalculator(new PBMParameter(salt, owf, iterationCount, mac), password); - } - } - - private void checkIterationCountCeiling(int iterationCount) - { - if (maxIterations > 0 && iterationCount > maxIterations) - { - throw new IllegalArgumentException("iteration count exceeds limit (" + iterationCount + " > " + maxIterations + ")"); - } - } - - private MacCalculator genCalculator(final PBMParameter params, char[] password) - throws CRMFException - { - // From RFC 4211 - // - // 1. Generate a random salt value S - // - // 2. Append the salt to the pw. K = pw || salt. - // - // 3. Hash the value of K. K = HASH(K) - // - // 4. Iter = Iter - 1. If Iter is greater than zero. Goto step 3. - // - // 5. Compute an HMAC as documented in [HMAC]. - // - // MAC = HASH( K XOR opad, HASH( K XOR ipad, data) ) - // - // Where opad and ipad are defined in [HMAC]. - byte[] pw = Strings.toUTF8ByteArray(password); - byte[] salt = params.getSalt().getOctets(); - byte[] K = new byte[pw.length + salt.length]; - - System.arraycopy(pw, 0, K, 0, pw.length); - System.arraycopy(salt, 0, K, pw.length, salt.length); - - calculator.setup(params.getOwf(), params.getMac()); - - int iter = params.getIterationCount().getValue().intValue(); - do - { - K = calculator.calculateDigest(K); - } - while (--iter > 0); - - final byte[] key = K; - - return new MacCalculator() - { - ByteArrayOutputStream bOut = new ByteArrayOutputStream(); - - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return new AlgorithmIdentifier(CMPObjectIdentifiers.passwordBasedMac, params); - } - - public GenericKey getKey() - { - return new GenericKey(getAlgorithmIdentifier(), key); - } - - public OutputStream getOutputStream() - { - return bOut; - } - - public byte[] getMac() - { - try - { - return calculator.calculateMac(key, bOut.toByteArray()); - } - catch (CRMFException e) - { - throw new RuntimeOperatorException("exception calculating mac: " + e.getMessage(), e); - } - } - }; - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/PKMACValueGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/PKMACValueGenerator.java deleted file mode 100644 index 2457687..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/PKMACValueGenerator.java +++ /dev/null @@ -1,41 +0,0 @@ -package org.bouncycastle.cert.crmf; - -import java.io.IOException; -import java.io.OutputStream; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.crmf.PKMACValue; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.operator.MacCalculator; - -class PKMACValueGenerator -{ - private PKMACBuilder builder; - - public PKMACValueGenerator(PKMACBuilder builder) - { - this.builder = builder; - } - - public PKMACValue generate(char[] password, SubjectPublicKeyInfo keyInfo) - throws CRMFException - { - MacCalculator calculator = builder.build(password); - - OutputStream macOut = calculator.getOutputStream(); - - try - { - macOut.write(keyInfo.getEncoded(ASN1Encoding.DER)); - - macOut.close(); - } - catch (IOException e) - { - throw new CRMFException("exception encoding mac input: " + e.getMessage(), e); - } - - return new PKMACValue(calculator.getAlgorithmIdentifier(), new DERBitString(calculator.getMac())); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/PKMACValueVerifier.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/PKMACValueVerifier.java deleted file mode 100644 index 1d8c369..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/PKMACValueVerifier.java +++ /dev/null @@ -1,43 +0,0 @@ -package org.bouncycastle.cert.crmf; - -import java.io.IOException; -import java.io.OutputStream; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.cmp.PBMParameter; -import org.bouncycastle.asn1.crmf.PKMACValue; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.operator.MacCalculator; -import org.bouncycastle.util.Arrays; - -class PKMACValueVerifier -{ - private final PKMACBuilder builder; - - public PKMACValueVerifier(PKMACBuilder builder) - { - this.builder = builder; - } - - public boolean isValid(PKMACValue value, char[] password, SubjectPublicKeyInfo keyInfo) - throws CRMFException - { - builder.setParameters(PBMParameter.getInstance(value.getAlgId().getParameters())); - MacCalculator calculator = builder.build(password); - - OutputStream macOut = calculator.getOutputStream(); - - try - { - macOut.write(keyInfo.getEncoded(ASN1Encoding.DER)); - - macOut.close(); - } - catch (IOException e) - { - throw new CRMFException("exception encoding mac input: " + e.getMessage(), e); - } - - return Arrays.areEqual(calculator.getMac(), value.getValue().getBytes()); - } -}
\ No newline at end of file diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/PKMACValuesCalculator.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/PKMACValuesCalculator.java deleted file mode 100644 index 2813b6c..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/PKMACValuesCalculator.java +++ /dev/null @@ -1,15 +0,0 @@ -package org.bouncycastle.cert.crmf; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; - -public interface PKMACValuesCalculator -{ - void setup(AlgorithmIdentifier digestAlg, AlgorithmIdentifier macAlg) - throws CRMFException; - - byte[] calculateDigest(byte[] data) - throws CRMFException; - - byte[] calculateMac(byte[] pwd, byte[] data) - throws CRMFException; -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/ProofOfPossessionSigningKeyBuilder.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/ProofOfPossessionSigningKeyBuilder.java deleted file mode 100644 index 7297980..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/ProofOfPossessionSigningKeyBuilder.java +++ /dev/null @@ -1,75 +0,0 @@ -package org.bouncycastle.cert.crmf; - -import org.bouncycastle.asn1.DERBitString; -import org.bouncycastle.asn1.crmf.CertRequest; -import org.bouncycastle.asn1.crmf.PKMACValue; -import org.bouncycastle.asn1.crmf.POPOSigningKey; -import org.bouncycastle.asn1.crmf.POPOSigningKeyInput; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.operator.ContentSigner; - -public class ProofOfPossessionSigningKeyBuilder -{ - private CertRequest certRequest; - private SubjectPublicKeyInfo pubKeyInfo; - private GeneralName name; - private PKMACValue publicKeyMAC; - - public ProofOfPossessionSigningKeyBuilder(CertRequest certRequest) - { - this.certRequest = certRequest; - } - - - public ProofOfPossessionSigningKeyBuilder(SubjectPublicKeyInfo pubKeyInfo) - { - this.pubKeyInfo = pubKeyInfo; - } - - public ProofOfPossessionSigningKeyBuilder setSender(GeneralName name) - { - this.name = name; - - return this; - } - - public ProofOfPossessionSigningKeyBuilder setPublicKeyMac(PKMACValueGenerator generator, char[] password) - throws CRMFException - { - this.publicKeyMAC = generator.generate(password, pubKeyInfo); - - return this; - } - - public POPOSigningKey build(ContentSigner signer) - { - if (name != null && publicKeyMAC != null) - { - throw new IllegalStateException("name and publicKeyMAC cannot both be set."); - } - - POPOSigningKeyInput popo; - - if (certRequest != null) - { - popo = null; - - CRMFUtil.derEncodeToStream(certRequest, signer.getOutputStream()); - } - else if (name != null) - { - popo = new POPOSigningKeyInput(name, pubKeyInfo); - - CRMFUtil.derEncodeToStream(popo, signer.getOutputStream()); - } - else - { - popo = new POPOSigningKeyInput(publicKeyMAC, pubKeyInfo); - - CRMFUtil.derEncodeToStream(popo, signer.getOutputStream()); - } - - return new POPOSigningKey(popo, signer.getAlgorithmIdentifier(), new DERBitString(signer.getSignature())); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/RegTokenControl.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/RegTokenControl.java deleted file mode 100644 index 81af172..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/RegTokenControl.java +++ /dev/null @@ -1,57 +0,0 @@ -package org.bouncycastle.cert.crmf; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.DERUTF8String; -import org.bouncycastle.asn1.crmf.CRMFObjectIdentifiers; - -/** - * Carrier for a registration token control. - */ -public class RegTokenControl - implements Control -{ - private static final ASN1ObjectIdentifier type = CRMFObjectIdentifiers.id_regCtrl_regToken; - - private final DERUTF8String token; - - /** - * Basic constructor - build from a UTF-8 string representing the token. - * - * @param token UTF-8 string representing the token. - */ - public RegTokenControl(DERUTF8String token) - { - this.token = token; - } - - /** - * Basic constructor - build from a string representing the token. - * - * @param token string representing the token. - */ - public RegTokenControl(String token) - { - this.token = new DERUTF8String(token); - } - - /** - * Return the type of this control. - * - * @return CRMFObjectIdentifiers.id_regCtrl_regToken - */ - public ASN1ObjectIdentifier getType() - { - return type; - } - - /** - * Return the token associated with this control (a UTF8String). - * - * @return a UTF8String. - */ - public ASN1Encodable getValue() - { - return token; - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/ValueDecryptorGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/ValueDecryptorGenerator.java deleted file mode 100644 index 7125f56..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/ValueDecryptorGenerator.java +++ /dev/null @@ -1,10 +0,0 @@ -package org.bouncycastle.cert.crmf; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.operator.InputDecryptor; - -public interface ValueDecryptorGenerator -{ - InputDecryptor getValueDecryptor(AlgorithmIdentifier keyAlg, AlgorithmIdentifier symmAlg, byte[] encKey) - throws CRMFException; -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/bc/BcFixedLengthMGF1Padder.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/bc/BcFixedLengthMGF1Padder.java deleted file mode 100644 index 9fa53d6..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/bc/BcFixedLengthMGF1Padder.java +++ /dev/null @@ -1,121 +0,0 @@ -package org.bouncycastle.cert.crmf.bc; - -import java.security.SecureRandom; - -import org.bouncycastle.cert.crmf.EncryptedValuePadder; -import org.bouncycastle.crypto.Digest; -import org.bouncycastle.crypto.digests.SHA1Digest; -import org.bouncycastle.crypto.generators.MGF1BytesGenerator; -import org.bouncycastle.crypto.params.MGFParameters; - -/** - * An encrypted value padder that uses MGF1 as the basis of the padding. - */ -public class BcFixedLengthMGF1Padder - implements EncryptedValuePadder -{ - private int length; - private SecureRandom random; - private Digest dig = new SHA1Digest(); - - /** - * Create a padder to so that padded output will always be at least - * length bytes long. - * - * @param length fixed length for padded output. - */ - public BcFixedLengthMGF1Padder(int length) - { - this(length, null); - } - - /** - * Create a padder to so that padded output will always be at least - * length bytes long, using the passed in source of randomness to - * provide the random material for the padder. - * - * @param length fixed length for padded output. - * @param random a source of randomness. - */ - public BcFixedLengthMGF1Padder(int length, SecureRandom random) - { - this.length = length; - this.random = random; - } - - public byte[] getPaddedData(byte[] data) - { - byte[] bytes = new byte[length]; - byte[] seed = new byte[dig.getDigestSize()]; - byte[] mask = new byte[length - dig.getDigestSize()]; - - if (random == null) - { - random = new SecureRandom(); - } - - random.nextBytes(seed); - - MGF1BytesGenerator maskGen = new MGF1BytesGenerator(dig); - - maskGen.init(new MGFParameters(seed)); - - maskGen.generateBytes(mask, 0, mask.length); - - System.arraycopy(seed, 0, bytes, 0, seed.length); - System.arraycopy(data, 0, bytes, seed.length, data.length); - - for (int i = seed.length + data.length + 1; i != bytes.length; i++) - { - bytes[i] = (byte)(1 + random.nextInt(255)); - } - - for (int i = 0; i != mask.length; i++) - { - bytes[i + seed.length] ^= mask[i]; - } - - return bytes; - } - - public byte[] getUnpaddedData(byte[] paddedData) - { - byte[] seed = new byte[dig.getDigestSize()]; - byte[] mask = new byte[length - dig.getDigestSize()]; - - System.arraycopy(paddedData, 0, seed, 0, seed.length); - - MGF1BytesGenerator maskGen = new MGF1BytesGenerator(dig); - - maskGen.init(new MGFParameters(seed)); - - maskGen.generateBytes(mask, 0, mask.length); - - for (int i = 0; i != mask.length; i++) - { - paddedData[i + seed.length] ^= mask[i]; - } - - int end = 0; - - for (int i = paddedData.length - 1; i != seed.length; i--) - { - if (paddedData[i] == 0) - { - end = i; - break; - } - } - - if (end == 0) - { - throw new IllegalStateException("bad padding in encoding"); - } - - byte[] data = new byte[end - seed.length]; - - System.arraycopy(paddedData, seed.length, data, 0, data.length); - - return data; - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/CRMFHelper.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/CRMFHelper.java deleted file mode 100644 index 4878615..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/CRMFHelper.java +++ /dev/null @@ -1,450 +0,0 @@ -package org.bouncycastle.cert.crmf.jcajce; - -import java.io.IOException; -import java.security.AlgorithmParameterGenerator; -import java.security.AlgorithmParameters; -import java.security.GeneralSecurityException; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.KeyFactory; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.spec.InvalidParameterSpecException; -import java.security.spec.X509EncodedKeySpec; -import java.util.HashMap; -import java.util.Map; - -import javax.crypto.Cipher; -import javax.crypto.KeyGenerator; -import javax.crypto.Mac; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.SecretKey; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.RC2ParameterSpec; - -import org.bouncycastle.asn1.ASN1Encodable; -import org.bouncycastle.asn1.ASN1Null; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.ASN1OctetString; -import org.bouncycastle.asn1.ASN1Primitive; -import org.bouncycastle.asn1.DERNull; -import org.bouncycastle.asn1.iana.IANAObjectIdentifiers; -import org.bouncycastle.asn1.nist.NISTObjectIdentifiers; -import org.bouncycastle.asn1.oiw.OIWObjectIdentifiers; -import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; -import org.bouncycastle.cert.crmf.CRMFException; -import org.bouncycastle.cms.CMSAlgorithm; -import org.bouncycastle.jcajce.util.JcaJceHelper; -import org.bouncycastle.jcajce.util.JcaJceUtils; - -class CRMFHelper -{ - protected static final Map BASE_CIPHER_NAMES = new HashMap(); - protected static final Map CIPHER_ALG_NAMES = new HashMap(); - protected static final Map DIGEST_ALG_NAMES = new HashMap(); - protected static final Map KEY_ALG_NAMES = new HashMap(); - protected static final Map MAC_ALG_NAMES = new HashMap(); - - static - { - BASE_CIPHER_NAMES.put(PKCSObjectIdentifiers.des_EDE3_CBC, "DESEDE"); - BASE_CIPHER_NAMES.put(NISTObjectIdentifiers.id_aes128_CBC, "AES"); - BASE_CIPHER_NAMES.put(NISTObjectIdentifiers.id_aes192_CBC, "AES"); - BASE_CIPHER_NAMES.put(NISTObjectIdentifiers.id_aes256_CBC, "AES"); - - CIPHER_ALG_NAMES.put(CMSAlgorithm.DES_EDE3_CBC, "DESEDE/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.AES128_CBC, "AES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.AES192_CBC, "AES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(CMSAlgorithm.AES256_CBC, "AES/CBC/PKCS5Padding"); - CIPHER_ALG_NAMES.put(new ASN1ObjectIdentifier(PKCSObjectIdentifiers.rsaEncryption.getId()), "RSA/ECB/PKCS1Padding"); - - DIGEST_ALG_NAMES.put(OIWObjectIdentifiers.idSHA1, "SHA1"); - DIGEST_ALG_NAMES.put(NISTObjectIdentifiers.id_sha224, "SHA224"); - DIGEST_ALG_NAMES.put(NISTObjectIdentifiers.id_sha256, "SHA256"); - DIGEST_ALG_NAMES.put(NISTObjectIdentifiers.id_sha384, "SHA384"); - DIGEST_ALG_NAMES.put(NISTObjectIdentifiers.id_sha512, "SHA512"); - - MAC_ALG_NAMES.put(IANAObjectIdentifiers.hmacSHA1, "HMACSHA1"); - MAC_ALG_NAMES.put(PKCSObjectIdentifiers.id_hmacWithSHA1, "HMACSHA1"); - MAC_ALG_NAMES.put(PKCSObjectIdentifiers.id_hmacWithSHA224, "HMACSHA224"); - MAC_ALG_NAMES.put(PKCSObjectIdentifiers.id_hmacWithSHA256, "HMACSHA256"); - MAC_ALG_NAMES.put(PKCSObjectIdentifiers.id_hmacWithSHA384, "HMACSHA384"); - MAC_ALG_NAMES.put(PKCSObjectIdentifiers.id_hmacWithSHA512, "HMACSHA512"); - - KEY_ALG_NAMES.put(PKCSObjectIdentifiers.rsaEncryption, "RSA"); - KEY_ALG_NAMES.put(X9ObjectIdentifiers.id_dsa, "DSA"); - } - - private JcaJceHelper helper; - - CRMFHelper(JcaJceHelper helper) - { - this.helper = helper; - } - - PublicKey toPublicKey(SubjectPublicKeyInfo subjectPublicKeyInfo) - throws CRMFException - { - try - { - X509EncodedKeySpec xspec = new X509EncodedKeySpec(subjectPublicKeyInfo.getEncoded()); - AlgorithmIdentifier keyAlg = subjectPublicKeyInfo.getAlgorithm(); - - return createKeyFactory(keyAlg.getAlgorithm()).generatePublic(xspec); - } - catch (Exception e) - { - throw new CRMFException("invalid key: " + e.getMessage(), e); - } - } - - Cipher createCipher(ASN1ObjectIdentifier algorithm) - throws CRMFException - { - try - { - String cipherName = (String)CIPHER_ALG_NAMES.get(algorithm); - - if (cipherName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createCipher(cipherName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createCipher(algorithm.getId()); - } - catch (GeneralSecurityException e) - { - throw new CRMFException("cannot create cipher: " + e.getMessage(), e); - } - } - - public KeyGenerator createKeyGenerator(ASN1ObjectIdentifier algorithm) - throws CRMFException - { - try - { - String cipherName = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (cipherName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createKeyGenerator(cipherName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createKeyGenerator(algorithm.getId()); - } - catch (GeneralSecurityException e) - { - throw new CRMFException("cannot create key generator: " + e.getMessage(), e); - } - } - - - - Cipher createContentCipher(final Key sKey, final AlgorithmIdentifier encryptionAlgID) - throws CRMFException - { - return (Cipher)execute(new JCECallback() - { - public Object doInJCE() - throws CRMFException, InvalidAlgorithmParameterException, - InvalidKeyException, InvalidParameterSpecException, NoSuchAlgorithmException, - NoSuchPaddingException, NoSuchProviderException - { - Cipher cipher = createCipher(encryptionAlgID.getAlgorithm()); - ASN1Primitive sParams = (ASN1Primitive)encryptionAlgID.getParameters(); - ASN1ObjectIdentifier encAlg = encryptionAlgID.getAlgorithm(); - - if (sParams != null && !(sParams instanceof ASN1Null)) - { - try - { - AlgorithmParameters params = createAlgorithmParameters(encryptionAlgID.getAlgorithm()); - - try - { - JcaJceUtils.loadParameters(params, sParams); - } - catch (IOException e) - { - throw new CRMFException("error decoding algorithm parameters.", e); - } - - cipher.init(Cipher.DECRYPT_MODE, sKey, params); - } - catch (NoSuchAlgorithmException e) - { - if (encAlg.equals(CMSAlgorithm.DES_EDE3_CBC) - || encAlg.equals(CMSAlgorithm.IDEA_CBC) - || encAlg.equals(CMSAlgorithm.AES128_CBC) - || encAlg.equals(CMSAlgorithm.AES192_CBC) - || encAlg.equals(CMSAlgorithm.AES256_CBC)) - { - cipher.init(Cipher.DECRYPT_MODE, sKey, new IvParameterSpec( - ASN1OctetString.getInstance(sParams).getOctets())); - } - else - { - throw e; - } - } - } - else - { - if (encAlg.equals(CMSAlgorithm.DES_EDE3_CBC) - || encAlg.equals(CMSAlgorithm.IDEA_CBC) - || encAlg.equals(CMSAlgorithm.CAST5_CBC)) - { - cipher.init(Cipher.DECRYPT_MODE, sKey, new IvParameterSpec(new byte[8])); - } - else - { - cipher.init(Cipher.DECRYPT_MODE, sKey); - } - } - - return cipher; - } - }); - } - - AlgorithmParameters createAlgorithmParameters(ASN1ObjectIdentifier algorithm) - throws NoSuchAlgorithmException, NoSuchProviderException - { - String algorithmName = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (algorithmName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createAlgorithmParameters(algorithmName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createAlgorithmParameters(algorithm.getId()); - } - - KeyFactory createKeyFactory(ASN1ObjectIdentifier algorithm) - throws CRMFException - { - try - { - String algName = (String)KEY_ALG_NAMES.get(algorithm); - - if (algName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createKeyFactory(algName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createKeyFactory(algorithm.getId()); - } - catch (GeneralSecurityException e) - { - throw new CRMFException("cannot create cipher: " + e.getMessage(), e); - } - } - - MessageDigest createDigest(ASN1ObjectIdentifier algorithm) - throws CRMFException - { - try - { - String digestName = (String)DIGEST_ALG_NAMES.get(algorithm); - - if (digestName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createDigest(digestName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createDigest(algorithm.getId()); - } - catch (GeneralSecurityException e) - { - throw new CRMFException("cannot create cipher: " + e.getMessage(), e); - } - } - - Mac createMac(ASN1ObjectIdentifier algorithm) - throws CRMFException - { - try - { - String macName = (String)MAC_ALG_NAMES.get(algorithm); - - if (macName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createMac(macName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createMac(algorithm.getId()); - } - catch (GeneralSecurityException e) - { - throw new CRMFException("cannot create mac: " + e.getMessage(), e); - } - } - - AlgorithmParameterGenerator createAlgorithmParameterGenerator(ASN1ObjectIdentifier algorithm) - throws GeneralSecurityException - { - String algorithmName = (String)BASE_CIPHER_NAMES.get(algorithm); - - if (algorithmName != null) - { - try - { - // this is reversed as the Sun policy files now allow unlimited strength RSA - return helper.createAlgorithmParameterGenerator(algorithmName); - } - catch (NoSuchAlgorithmException e) - { - // Ignore - } - } - return helper.createAlgorithmParameterGenerator(algorithm.getId()); - } - - AlgorithmParameters generateParameters(ASN1ObjectIdentifier encryptionOID, SecretKey encKey, SecureRandom rand) - throws CRMFException - { - try - { - AlgorithmParameterGenerator pGen = createAlgorithmParameterGenerator(encryptionOID); - - if (encryptionOID.equals(CMSAlgorithm.RC2_CBC)) - { - byte[] iv = new byte[8]; - - rand.nextBytes(iv); - - try - { - pGen.init(new RC2ParameterSpec(encKey.getEncoded().length * 8, iv), rand); - } - catch (InvalidAlgorithmParameterException e) - { - throw new CRMFException("parameters generation error: " + e, e); - } - } - - return pGen.generateParameters(); - } - catch (NoSuchAlgorithmException e) - { - return null; - } - catch (GeneralSecurityException e) - { - throw new CRMFException("exception creating algorithm parameter generator: " + e, e); - } - } - - AlgorithmIdentifier getAlgorithmIdentifier(ASN1ObjectIdentifier encryptionOID, AlgorithmParameters params) - throws CRMFException - { - ASN1Encodable asn1Params; - if (params != null) - { - try - { - asn1Params = JcaJceUtils.extractParameters(params); - } - catch (IOException e) - { - throw new CRMFException("cannot encode parameters: " + e.getMessage(), e); - } - } - else - { - asn1Params = DERNull.INSTANCE; - } - - return new AlgorithmIdentifier( - encryptionOID, - asn1Params); - } - - static Object execute(JCECallback callback) throws CRMFException - { - try - { - return callback.doInJCE(); - } - catch (NoSuchAlgorithmException e) - { - throw new CRMFException("can't find algorithm.", e); - } - catch (InvalidKeyException e) - { - throw new CRMFException("key invalid in message.", e); - } - catch (NoSuchProviderException e) - { - throw new CRMFException("can't find provider.", e); - } - catch (NoSuchPaddingException e) - { - throw new CRMFException("required padding not supported.", e); - } - catch (InvalidAlgorithmParameterException e) - { - throw new CRMFException("algorithm parameters invalid.", e); - } - catch (InvalidParameterSpecException e) - { - throw new CRMFException("MAC algorithm parameter spec invalid.", e); - } - } - - static interface JCECallback - { - Object doInJCE() - throws CRMFException, InvalidAlgorithmParameterException, InvalidKeyException, InvalidParameterSpecException, - NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException; - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaCertificateRequestMessage.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaCertificateRequestMessage.java deleted file mode 100644 index 7f33d17..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaCertificateRequestMessage.java +++ /dev/null @@ -1,84 +0,0 @@ -package org.bouncycastle.cert.crmf.jcajce; - -import java.io.IOException; -import java.security.Provider; -import java.security.PublicKey; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.ASN1Encoding; -import org.bouncycastle.asn1.crmf.CertReqMsg; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.cert.crmf.CRMFException; -import org.bouncycastle.cert.crmf.CertificateRequestMessage; -import org.bouncycastle.jcajce.util.DefaultJcaJceHelper; -import org.bouncycastle.jcajce.util.NamedJcaJceHelper; -import org.bouncycastle.jcajce.util.ProviderJcaJceHelper; - -public class JcaCertificateRequestMessage - extends CertificateRequestMessage -{ - private CRMFHelper helper = new CRMFHelper(new DefaultJcaJceHelper()); - - public JcaCertificateRequestMessage(byte[] certReqMsg) - { - this(CertReqMsg.getInstance(certReqMsg)); - } - - public JcaCertificateRequestMessage(CertificateRequestMessage certReqMsg) - { - this(certReqMsg.toASN1Structure()); - } - - public JcaCertificateRequestMessage(CertReqMsg certReqMsg) - { - super(certReqMsg); - } - - public JcaCertificateRequestMessage setProvider(String providerName) - { - this.helper = new CRMFHelper(new NamedJcaJceHelper(providerName)); - - return this; - } - - public JcaCertificateRequestMessage setProvider(Provider provider) - { - this.helper = new CRMFHelper(new ProviderJcaJceHelper(provider)); - - return this; - } - - public X500Principal getSubjectX500Principal() - { - X500Name subject = this.getCertTemplate().getSubject(); - - if (subject != null) - { - try - { - return new X500Principal(subject.getEncoded(ASN1Encoding.DER)); - } - catch (IOException e) - { - throw new IllegalStateException("unable to construct DER encoding of name: " + e.getMessage()); - } - } - - return null; - } - - public PublicKey getPublicKey() - throws CRMFException - { - SubjectPublicKeyInfo subjectPublicKeyInfo = getCertTemplate().getPublicKey(); - - if (subjectPublicKeyInfo != null) - { - return helper.toPublicKey(subjectPublicKeyInfo); - } - - return null; - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaCertificateRequestMessageBuilder.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaCertificateRequestMessageBuilder.java deleted file mode 100644 index 63eea67..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaCertificateRequestMessageBuilder.java +++ /dev/null @@ -1,57 +0,0 @@ -package org.bouncycastle.cert.crmf.jcajce; - -import java.math.BigInteger; -import java.security.PublicKey; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; -import org.bouncycastle.cert.crmf.CertificateRequestMessageBuilder; - -public class JcaCertificateRequestMessageBuilder - extends CertificateRequestMessageBuilder -{ - public JcaCertificateRequestMessageBuilder(BigInteger certReqId) - { - super(certReqId); - } - - public JcaCertificateRequestMessageBuilder setIssuer(X500Principal issuer) - { - if (issuer != null) - { - setIssuer(X500Name.getInstance(issuer.getEncoded())); - } - - return this; - } - - public JcaCertificateRequestMessageBuilder setSubject(X500Principal subject) - { - if (subject != null) - { - setSubject(X500Name.getInstance(subject.getEncoded())); - } - - return this; - } - - public JcaCertificateRequestMessageBuilder setAuthInfoSender(X500Principal sender) - { - if (sender != null) - { - setAuthInfoSender(new GeneralName(X500Name.getInstance(sender.getEncoded()))); - } - - return this; - } - - public JcaCertificateRequestMessageBuilder setPublicKey(PublicKey publicKey) - { - setPublicKey(SubjectPublicKeyInfo.getInstance(publicKey.getEncoded())); - - return this; - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaEncryptedValueBuilder.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaEncryptedValueBuilder.java deleted file mode 100644 index 91d22a0..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaEncryptedValueBuilder.java +++ /dev/null @@ -1,26 +0,0 @@ -package org.bouncycastle.cert.crmf.jcajce; - -import java.security.cert.CertificateEncodingException; -import java.security.cert.X509Certificate; - -import org.bouncycastle.asn1.crmf.EncryptedValue; -import org.bouncycastle.cert.crmf.CRMFException; -import org.bouncycastle.cert.crmf.EncryptedValueBuilder; -import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder; -import org.bouncycastle.operator.KeyWrapper; -import org.bouncycastle.operator.OutputEncryptor; - -public class JcaEncryptedValueBuilder - extends EncryptedValueBuilder -{ - public JcaEncryptedValueBuilder(KeyWrapper wrapper, OutputEncryptor encryptor) - { - super(wrapper, encryptor); - } - - public EncryptedValue build(X509Certificate certificate) - throws CertificateEncodingException, CRMFException - { - return build(new JcaX509CertificateHolder(certificate)); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaPKIArchiveControlBuilder.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaPKIArchiveControlBuilder.java deleted file mode 100644 index ab89241..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcaPKIArchiveControlBuilder.java +++ /dev/null @@ -1,29 +0,0 @@ -package org.bouncycastle.cert.crmf.jcajce; - -import java.security.PrivateKey; - -import javax.security.auth.x500.X500Principal; - -import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.cert.crmf.PKIArchiveControlBuilder; - -public class JcaPKIArchiveControlBuilder - extends PKIArchiveControlBuilder -{ - public JcaPKIArchiveControlBuilder(PrivateKey privateKey, X500Name name) - { - this(privateKey, new GeneralName(name)); - } - - public JcaPKIArchiveControlBuilder(PrivateKey privateKey, X500Principal name) - { - this(privateKey, X500Name.getInstance(name.getEncoded())); - } - - public JcaPKIArchiveControlBuilder(PrivateKey privateKey, GeneralName generalName) - { - super(PrivateKeyInfo.getInstance(privateKey.getEncoded()), generalName); - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JceAsymmetricValueDecryptorGenerator.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JceAsymmetricValueDecryptorGenerator.java deleted file mode 100644 index ff1158e..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JceAsymmetricValueDecryptorGenerator.java +++ /dev/null @@ -1,120 +0,0 @@ -package org.bouncycastle.cert.crmf.jcajce; - -import java.io.InputStream; -import java.security.GeneralSecurityException; -import java.security.InvalidKeyException; -import java.security.Key; -import java.security.PrivateKey; -import java.security.Provider; -import java.security.ProviderException; - -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.CipherInputStream; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cert.crmf.CRMFException; -import org.bouncycastle.cert.crmf.ValueDecryptorGenerator; -import org.bouncycastle.jcajce.util.DefaultJcaJceHelper; -import org.bouncycastle.jcajce.util.NamedJcaJceHelper; -import org.bouncycastle.jcajce.util.ProviderJcaJceHelper; -import org.bouncycastle.operator.InputDecryptor; - -public class JceAsymmetricValueDecryptorGenerator - implements ValueDecryptorGenerator -{ - private PrivateKey recipientKey; - private CRMFHelper helper = new CRMFHelper(new DefaultJcaJceHelper()); - - public JceAsymmetricValueDecryptorGenerator(PrivateKey recipientKey) - { - this.recipientKey = recipientKey; - } - - public JceAsymmetricValueDecryptorGenerator setProvider(Provider provider) - { - this.helper = new CRMFHelper(new ProviderJcaJceHelper(provider)); - - return this; - } - - public JceAsymmetricValueDecryptorGenerator setProvider(String providerName) - { - this.helper = new CRMFHelper(new NamedJcaJceHelper(providerName)); - - return this; - } - - private Key extractSecretKey(AlgorithmIdentifier keyEncryptionAlgorithm, AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey) - throws CRMFException - { - try - { - Key sKey = null; - - Cipher keyCipher = helper.createCipher(keyEncryptionAlgorithm.getAlgorithm()); - - try - { - keyCipher.init(Cipher.UNWRAP_MODE, recipientKey); - sKey = keyCipher.unwrap(encryptedContentEncryptionKey, contentEncryptionAlgorithm.getAlgorithm().getId(), Cipher.SECRET_KEY); - } - catch (GeneralSecurityException e) - { - } - catch (IllegalStateException e) - { - } - catch (UnsupportedOperationException e) - { - } - catch (ProviderException e) - { - } - - // some providers do not support UNWRAP (this appears to be only for asymmetric algorithms) - if (sKey == null) - { - keyCipher.init(Cipher.DECRYPT_MODE, recipientKey); - sKey = new SecretKeySpec(keyCipher.doFinal(encryptedContentEncryptionKey), contentEncryptionAlgorithm.getAlgorithm().getId()); - } - - return sKey; - } - catch (InvalidKeyException e) - { - throw new CRMFException("key invalid in message.", e); - } - catch (IllegalBlockSizeException e) - { - throw new CRMFException("illegal blocksize in message.", e); - } - catch (BadPaddingException e) - { - throw new CRMFException("bad padding in message.", e); - } - } - - public InputDecryptor getValueDecryptor(AlgorithmIdentifier keyEncryptionAlgorithm, final AlgorithmIdentifier contentEncryptionAlgorithm, byte[] encryptedContentEncryptionKey) - throws CRMFException - { - Key secretKey = extractSecretKey(keyEncryptionAlgorithm, contentEncryptionAlgorithm, encryptedContentEncryptionKey); - - final Cipher dataCipher = helper.createContentCipher(secretKey, contentEncryptionAlgorithm); - - return new InputDecryptor() - { - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return contentEncryptionAlgorithm; - } - - public InputStream getInputStream(InputStream dataIn) - { - return new CipherInputStream(dataIn, dataCipher); - } - }; - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JceCRMFEncryptorBuilder.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JceCRMFEncryptorBuilder.java deleted file mode 100644 index 701d36e..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JceCRMFEncryptorBuilder.java +++ /dev/null @@ -1,136 +0,0 @@ -package org.bouncycastle.cert.crmf.jcajce; - -import java.io.OutputStream; -import java.security.AlgorithmParameters; -import java.security.GeneralSecurityException; -import java.security.Provider; -import java.security.SecureRandom; - -import javax.crypto.Cipher; -import javax.crypto.CipherOutputStream; -import javax.crypto.KeyGenerator; -import javax.crypto.SecretKey; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cert.crmf.CRMFException; -import org.bouncycastle.jcajce.util.DefaultJcaJceHelper; -import org.bouncycastle.jcajce.util.NamedJcaJceHelper; -import org.bouncycastle.jcajce.util.ProviderJcaJceHelper; -import org.bouncycastle.operator.GenericKey; -import org.bouncycastle.operator.OutputEncryptor; -import org.bouncycastle.operator.jcajce.JceGenericKey; - -public class JceCRMFEncryptorBuilder -{ - private final ASN1ObjectIdentifier encryptionOID; - private final int keySize; - - private CRMFHelper helper = new CRMFHelper(new DefaultJcaJceHelper()); - private SecureRandom random; - - public JceCRMFEncryptorBuilder(ASN1ObjectIdentifier encryptionOID) - { - this(encryptionOID, -1); - } - - public JceCRMFEncryptorBuilder(ASN1ObjectIdentifier encryptionOID, int keySize) - { - this.encryptionOID = encryptionOID; - this.keySize = keySize; - } - - public JceCRMFEncryptorBuilder setProvider(Provider provider) - { - this.helper = new CRMFHelper(new ProviderJcaJceHelper(provider)); - - return this; - } - - public JceCRMFEncryptorBuilder setProvider(String providerName) - { - this.helper = new CRMFHelper(new NamedJcaJceHelper(providerName)); - - return this; - } - - public JceCRMFEncryptorBuilder setSecureRandom(SecureRandom random) - { - this.random = random; - - return this; - } - - public OutputEncryptor build() - throws CRMFException - { - return new CRMFOutputEncryptor(encryptionOID, keySize, random); - } - - private class CRMFOutputEncryptor - implements OutputEncryptor - { - private SecretKey encKey; - private AlgorithmIdentifier algorithmIdentifier; - private Cipher cipher; - - CRMFOutputEncryptor(ASN1ObjectIdentifier encryptionOID, int keySize, SecureRandom random) - throws CRMFException - { - KeyGenerator keyGen = helper.createKeyGenerator(encryptionOID); - - if (random == null) - { - random = new SecureRandom(); - } - - if (keySize < 0) - { - keyGen.init(random); - } - else - { - keyGen.init(keySize, random); - } - - cipher = helper.createCipher(encryptionOID); - encKey = keyGen.generateKey(); - AlgorithmParameters params = helper.generateParameters(encryptionOID, encKey, random); - - try - { - cipher.init(Cipher.ENCRYPT_MODE, encKey, params, random); - } - catch (GeneralSecurityException e) - { - throw new CRMFException("unable to initialize cipher: " + e.getMessage(), e); - } - - // - // If params are null we try and second guess on them as some providers don't provide - // algorithm parameter generation explicity but instead generate them under the hood. - // - if (params == null) - { - params = cipher.getParameters(); - } - - algorithmIdentifier = helper.getAlgorithmIdentifier(encryptionOID, params); - } - - public AlgorithmIdentifier getAlgorithmIdentifier() - { - return algorithmIdentifier; - } - - public OutputStream getOutputStream(OutputStream dOut) - { - return new CipherOutputStream(dOut, cipher); - } - - public GenericKey getKey() - { - return new JceGenericKey(algorithmIdentifier, encKey); - } - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcePKMACValuesCalculator.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcePKMACValuesCalculator.java deleted file mode 100644 index 30423db..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/JcePKMACValuesCalculator.java +++ /dev/null @@ -1,69 +0,0 @@ -package org.bouncycastle.cert.crmf.jcajce; - -import java.security.GeneralSecurityException; -import java.security.MessageDigest; -import java.security.Provider; - -import javax.crypto.Mac; -import javax.crypto.spec.SecretKeySpec; - -import org.bouncycastle.asn1.x509.AlgorithmIdentifier; -import org.bouncycastle.cert.crmf.CRMFException; -import org.bouncycastle.cert.crmf.PKMACValuesCalculator; -import org.bouncycastle.jcajce.util.DefaultJcaJceHelper; -import org.bouncycastle.jcajce.util.NamedJcaJceHelper; -import org.bouncycastle.jcajce.util.ProviderJcaJceHelper; - -public class JcePKMACValuesCalculator - implements PKMACValuesCalculator -{ - private MessageDigest digest; - private Mac mac; - private CRMFHelper helper; - - public JcePKMACValuesCalculator() - { - this.helper = new CRMFHelper(new DefaultJcaJceHelper()); - } - - public JcePKMACValuesCalculator setProvider(Provider provider) - { - this.helper = new CRMFHelper(new ProviderJcaJceHelper(provider)); - - return this; - } - - public JcePKMACValuesCalculator setProvider(String providerName) - { - this.helper = new CRMFHelper(new NamedJcaJceHelper(providerName)); - - return this; - } - - public void setup(AlgorithmIdentifier digAlg, AlgorithmIdentifier macAlg) - throws CRMFException - { - digest = helper.createDigest(digAlg.getAlgorithm()); - mac = helper.createMac(macAlg.getAlgorithm()); - } - - public byte[] calculateDigest(byte[] data) - { - return digest.digest(data); - } - - public byte[] calculateMac(byte[] pwd, byte[] data) - throws CRMFException - { - try - { - mac.init(new SecretKeySpec(pwd, mac.getAlgorithm())); - - return mac.doFinal(data); - } - catch (GeneralSecurityException e) - { - throw new CRMFException("failure in setup: " + e.getMessage(), e); - } - } -} diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/package.html b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/package.html deleted file mode 100644 index e9bc53f..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/jcajce/package.html +++ /dev/null @@ -1,7 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" - "http://www.w3.org/TR/html4/loose.dtd"> -<html> -<body bgcolor="#ffffff"> -JCA extensions to the CRMF online certificate request package. -</body> -</html>
\ No newline at end of file diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/package.html b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/package.html deleted file mode 100644 index 521fc44..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/package.html +++ /dev/null @@ -1,7 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" - "http://www.w3.org/TR/html4/loose.dtd"> -<html> -<body bgcolor="#ffffff"> -Basic support package for handling and creating CRMF (RFC 4211) certificate request messages. -</body> -</html>
\ No newline at end of file diff --git a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/test/AllTests.java b/bcpkix/src/main/java/org/bouncycastle/cert/crmf/test/AllTests.java deleted file mode 100644 index 712210e..0000000 --- a/bcpkix/src/main/java/org/bouncycastle/cert/crmf/test/AllTests.java +++ /dev/null @@ -1,384 +0,0 @@ -package org.bouncycastle.cert.crmf.test; - -import java.io.IOException; -import java.math.BigInteger; -import java.security.GeneralSecurityException; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.PrivateKey; -import java.security.PublicKey; -import java.security.SecureRandom; -import java.security.Security; -import java.security.cert.X509Certificate; -import java.security.interfaces.RSAPublicKey; -import java.util.Date; - -import javax.security.auth.x500.X500Principal; - -import junit.framework.Test; -import junit.framework.TestCase; -import junit.framework.TestSuite; -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.asn1.crmf.CRMFObjectIdentifiers; -import org.bouncycastle.asn1.crmf.EncKeyWithID; -import org.bouncycastle.asn1.crmf.EncryptedValue; -import org.bouncycastle.asn1.x500.X500Name; -import org.bouncycastle.asn1.x509.GeneralName; -import org.bouncycastle.cert.X509CertificateHolder; -import org.bouncycastle.cert.X509v1CertificateBuilder; -import org.bouncycastle.cert.crmf.EncryptedValueBuilder; -import org.bouncycastle.cert.crmf.EncryptedValuePadder; -import org.bouncycastle.cert.crmf.EncryptedValueParser; -import org.bouncycastle.cert.crmf.PKIArchiveControl; -import org.bouncycastle.cert.crmf.PKMACBuilder; -import org.bouncycastle.cert.crmf.ValueDecryptorGenerator; -import org.bouncycastle.cert.crmf.bc.BcFixedLengthMGF1Padder; -import org.bouncycastle.cert.crmf.jcajce.JcaCertificateRequestMessage; -import org.bouncycastle.cert.crmf.jcajce.JcaCertificateRequestMessageBuilder; -import org.bouncycastle.cert.crmf.jcajce.JcaEncryptedValueBuilder; -import org.bouncycastle.cert.crmf.jcajce.JcaPKIArchiveControlBuilder; -import org.bouncycastle.cert.crmf.jcajce.JceAsymmetricValueDecryptorGenerator; -import org.bouncycastle.cert.crmf.jcajce.JceCRMFEncryptorBuilder; -import org.bouncycastle.cert.crmf.jcajce.JcePKMACValuesCalculator; -import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; -import org.bouncycastle.cert.jcajce.JcaX509v1CertificateBuilder; -import org.bouncycastle.cms.CMSAlgorithm; -import org.bouncycastle.cms.CMSEnvelopedDataGenerator; -import org.bouncycastle.cms.RecipientId; -import org.bouncycastle.cms.RecipientInformation; -import org.bouncycastle.cms.RecipientInformationStore; -import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder; -import org.bouncycastle.cms.jcajce.JceKeyTransEnvelopedRecipient; -import org.bouncycastle.cms.jcajce.JceKeyTransRecipientId; -import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator; -import org.bouncycastle.jce.provider.BouncyCastleProvider; -import org.bouncycastle.operator.OperatorCreationException; -import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder; -import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder; -import org.bouncycastle.operator.jcajce.JceAsymmetricKeyWrapper; -import org.bouncycastle.util.Arrays; - -public class AllTests - extends TestCase -{ - private static final byte[] TEST_DATA = "Hello world!".getBytes(); - private static final String BC = BouncyCastleProvider.PROVIDER_NAME; - private static final String PASSPHRASE = "hello world"; - - /* - * - * INFRASTRUCTURE - * - */ - - public AllTests(String name) - { - super(name); - } - - public static void main(String args[]) - { - junit.textui.TestRunner.run(AllTests.class); - } - - public static Test suite() - { - return new TestSuite(AllTests.class); - } - - public void setUp() - { - Security.addProvider(new BouncyCastleProvider()); - } - - public void tearDown() - { - - } - - public void testBasicMessageWithArchiveControl() - throws Exception - { - KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC); - - kGen.initialize(512); - - KeyPair kp = kGen.generateKeyPair(); - X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test"); - - JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ONE); - - certReqBuild.setSubject(new X500Principal("CN=Test")) - .setPublicKey(kp.getPublic()); - - certReqBuild.addControl(new JcaPKIArchiveControlBuilder(kp.getPrivate(), new X500Principal("CN=Test")) - .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider(BC)) - .build(new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build())); - - JcaCertificateRequestMessage certReqMsg = new JcaCertificateRequestMessage(certReqBuild.build()); - - assertEquals(new X500Principal("CN=Test"), certReqMsg.getSubjectX500Principal()); - assertEquals(kp.getPublic(), certReqMsg.getPublicKey()); - - PKIArchiveControl archiveControl = (PKIArchiveControl)certReqMsg.getControl(CRMFObjectIdentifiers.id_regCtrl_pkiArchiveOptions); - - assertEquals(PKIArchiveControl.encryptedPrivKey, archiveControl.getArchiveType()); - - assertTrue(archiveControl.isEnvelopedData()); - - RecipientInformationStore recips = archiveControl.getEnvelopedData().getRecipientInfos(); - - RecipientId recipientId = new JceKeyTransRecipientId(cert); - - RecipientInformation recipientInformation = recips.get(recipientId); - - assertNotNull(recipientInformation); - - EncKeyWithID encKeyWithID = EncKeyWithID.getInstance(recipientInformation.getContent(new JceKeyTransEnvelopedRecipient(kp.getPrivate()).setProvider(BC))); - - assertTrue(encKeyWithID.hasIdentifier()); - assertFalse(encKeyWithID.isIdentifierUTF8String()); - - assertEquals(new GeneralName(X500Name.getInstance(new X500Principal("CN=Test").getEncoded())), encKeyWithID.getIdentifier()); - assertTrue(Arrays.areEqual(kp.getPrivate().getEncoded(), encKeyWithID.getPrivateKey().getEncoded())); - } - - public void testProofOfPossessionWithoutSender() - throws Exception - { - KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC); - - kGen.initialize(512); - - KeyPair kp = kGen.generateKeyPair(); - X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test"); - - JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ONE); - - certReqBuild.setPublicKey(kp.getPublic()) - .setAuthInfoPKMAC(new PKMACBuilder(new JcePKMACValuesCalculator()), "fred".toCharArray()) - .setProofOfPossessionSigningKeySigner(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(kp.getPrivate())); - - certReqBuild.addControl(new JcaPKIArchiveControlBuilder(kp.getPrivate(), new X500Principal("CN=test")) - .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider(BC)) - .build(new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build())); - - JcaCertificateRequestMessage certReqMsg = new JcaCertificateRequestMessage(certReqBuild.build().getEncoded()); - - // check that internal check on popo signing is working okay - try - { - certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic())); - fail("IllegalStateException not thrown"); - } - catch (IllegalStateException e) - { - // ignore - } - - assertTrue(certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic()), new PKMACBuilder(new JcePKMACValuesCalculator().setProvider(BC)), "fred".toCharArray())); - - assertEquals(kp.getPublic(), certReqMsg.getPublicKey()); - } - - public void testProofOfPossessionWithSender() - throws Exception - { - KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC); - - kGen.initialize(512); - - KeyPair kp = kGen.generateKeyPair(); - X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test"); - - JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ONE); - - certReqBuild.setPublicKey(kp.getPublic()) - .setAuthInfoSender(new X500Principal("CN=Test")) - .setProofOfPossessionSigningKeySigner(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(kp.getPrivate())); - - certReqBuild.addControl(new JcaPKIArchiveControlBuilder(kp.getPrivate(), new X500Principal("CN=test")) - .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider(BC)) - .build(new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build())); - - JcaCertificateRequestMessage certReqMsg = new JcaCertificateRequestMessage(certReqBuild.build().getEncoded()); - - // check that internal check on popo signing is working okay - try - { - certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic()), new PKMACBuilder(new JcePKMACValuesCalculator().setProvider(BC)), "fred".toCharArray()); - - fail("IllegalStateException not thrown"); - } - catch (IllegalStateException e) - { - // ignore - } - - - assertTrue(certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic()))); - - assertEquals(kp.getPublic(), certReqMsg.getPublicKey()); - } - - public void testProofOfPossessionWithTemplate() - throws Exception - { - KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC); - - kGen.initialize(512); - - KeyPair kp = kGen.generateKeyPair(); - X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test"); - - JcaCertificateRequestMessageBuilder certReqBuild = new JcaCertificateRequestMessageBuilder(BigInteger.ONE); - - certReqBuild.setPublicKey(kp.getPublic()) - .setSubject(new X500Principal("CN=Test")) - .setAuthInfoSender(new X500Principal("CN=Test")) - .setProofOfPossessionSigningKeySigner(new JcaContentSignerBuilder("SHA1withRSA").setProvider(BC).build(kp.getPrivate())); - - certReqBuild.addControl(new JcaPKIArchiveControlBuilder(kp.getPrivate(), new X500Principal("CN=test")) - .addRecipientGenerator(new JceKeyTransRecipientInfoGenerator(cert).setProvider(BC)) - .build(new JceCMSContentEncryptorBuilder(new ASN1ObjectIdentifier(CMSEnvelopedDataGenerator.AES128_CBC)).setProvider(BC).build())); - - JcaCertificateRequestMessage certReqMsg = new JcaCertificateRequestMessage(certReqBuild.build().getEncoded()); - - assertTrue(certReqMsg.isValidSigningKeyPOP(new JcaContentVerifierProviderBuilder().setProvider(BC).build(kp.getPublic()))); - - assertEquals(kp.getPublic(), certReqMsg.getPublicKey()); - } - - public void testEncryptedValue() - throws Exception - { - KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC); - - kGen.initialize(512); - - KeyPair kp = kGen.generateKeyPair(); - X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test"); - - JcaEncryptedValueBuilder build = new JcaEncryptedValueBuilder(new JceAsymmetricKeyWrapper(cert.getPublicKey()).setProvider(BC), new JceCRMFEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build()); - EncryptedValue value = build.build(cert); - ValueDecryptorGenerator decGen = new JceAsymmetricValueDecryptorGenerator(kp.getPrivate()).setProvider(BC); - - // try direct - encryptedValueParserTest(value, decGen, cert); - - // try indirect - encryptedValueParserTest(EncryptedValue.getInstance(value.getEncoded()), decGen, cert); - } - - private void encryptedValueParserTest(EncryptedValue value, ValueDecryptorGenerator decGen, X509Certificate cert) - throws Exception - { - EncryptedValueParser parser = new EncryptedValueParser(value); - - X509CertificateHolder holder = parser.readCertificateHolder(decGen); - - assertTrue(Arrays.areEqual(cert.getEncoded(), holder.getEncoded())); - } - - public void testEncryptedValuePassphrase() - throws Exception - { - char[] passphrase = PASSPHRASE.toCharArray(); - KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC); - - kGen.initialize(512); - - KeyPair kp = kGen.generateKeyPair(); - X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test"); - - EncryptedValueBuilder build = new EncryptedValueBuilder(new JceAsymmetricKeyWrapper(cert.getPublicKey()).setProvider(BC), new JceCRMFEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build()); - EncryptedValue value = build.build(passphrase); - ValueDecryptorGenerator decGen = new JceAsymmetricValueDecryptorGenerator(kp.getPrivate()).setProvider(BC); - - // try direct - encryptedValuePassphraseParserTest(value, null, decGen, cert); - - // try indirect - encryptedValuePassphraseParserTest(EncryptedValue.getInstance(value.getEncoded()), null, decGen, cert); - } - - public void testEncryptedValuePassphraseWithPadding() - throws Exception - { - char[] passphrase = PASSPHRASE.toCharArray(); - KeyPairGenerator kGen = KeyPairGenerator.getInstance("RSA", BC); - - kGen.initialize(512); - - KeyPair kp = kGen.generateKeyPair(); - X509Certificate cert = makeV1Certificate(kp, "CN=Test", kp, "CN=Test"); - - BcFixedLengthMGF1Padder mgf1Padder = new BcFixedLengthMGF1Padder(200, new SecureRandom()); - EncryptedValueBuilder build = new EncryptedValueBuilder(new JceAsymmetricKeyWrapper(cert.getPublicKey()).setProvider(BC), new JceCRMFEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC).build(), mgf1Padder); - EncryptedValue value = build.build(passphrase); - ValueDecryptorGenerator decGen = new JceAsymmetricValueDecryptorGenerator(kp.getPrivate()).setProvider(BC); - - // try direct - encryptedValuePassphraseParserTest(value, mgf1Padder, decGen, cert); - - // try indirect - encryptedValuePassphraseParserTest(EncryptedValue.getInstance(value.getEncoded()), mgf1Padder, decGen, cert); - } - - private void encryptedValuePassphraseParserTest(EncryptedValue value, EncryptedValuePadder padder, ValueDecryptorGenerator decGen, X509Certificate cert) - throws Exception - { - EncryptedValueParser parser = new EncryptedValueParser(value, padder); - - assertTrue(Arrays.areEqual(PASSPHRASE.toCharArray(), parser.readPassphrase(decGen))); - } - - private static X509Certificate makeV1Certificate(KeyPair subKP, String _subDN, KeyPair issKP, String _issDN) - throws GeneralSecurityException, IOException, OperatorCreationException - { - - PublicKey subPub = subKP.getPublic(); - PrivateKey issPriv = issKP.getPrivate(); - PublicKey issPub = issKP.getPublic(); - - X509v1CertificateBuilder v1CertGen = new JcaX509v1CertificateBuilder( - new X500Name(_issDN), - BigInteger.valueOf(System.currentTimeMillis()), - new Date(System.currentTimeMillis()), - new Date(System.currentTimeMillis() + (1000L * 60 * 60 * 24 * 100)), - new X500Name(_subDN), - subPub); - - JcaContentSignerBuilder signerBuilder = null; - - if (issPub instanceof RSAPublicKey) - { - signerBuilder = new JcaContentSignerBuilder("SHA1WithRSA"); - } - else if (issPub.getAlgorithm().equals("DSA")) - { - signerBuilder = new JcaContentSignerBuilder("SHA1withDSA"); - } - else if (issPub.getAlgorithm().equals("ECDSA")) - { - signerBuilder = new JcaContentSignerBuilder("SHA1withECDSA"); - } - else if (issPub.getAlgorithm().equals("ECGOST3410")) - { - signerBuilder = new JcaContentSignerBuilder("GOST3411withECGOST3410"); - } - else - { - signerBuilder = new JcaContentSignerBuilder("GOST3411WithGOST3410"); - } - - signerBuilder.setProvider(BC); - - X509Certificate _cert = new JcaX509CertificateConverter().setProvider(BC).getCertificate(v1CertGen.build(signerBuilder.build(issPriv))); - - _cert.checkValidity(new Date()); - _cert.verify(issPub); - - return _cert; - } -}
\ No newline at end of file |